I'm of two minds with respect to the competitive focus on MS. I want to say you're right, this is stupid, concentrate on making Linux better.
But MS will target RedHat whether RedHat returns the favor or not. I imagine MS has been quite frustrated for some months in not having a target they really understand with Linux. Where's the company you can attack? Who do you sue? Now, there is a real commercial entity that MS can attack in all it's usual ways. I expect them to try that out, especially after that little matter with the DOJ is retired.
By making their competitive stance clear, RedHat has keyed in the media to look for FUD and strongarm tactics, should MS attempt them. To some degree it's formalizing what has been partially responsible for making it's stock strong -- the tangible anti-MS sentiment everywhere.
On the other hand, it's also invited comparison in ways it may not be ready for. Some humility at this point may be wise, it makes defeats less painful, and victories more surprising (newsworthy.) As long as RedHat doesn't get too convinced of it's own invulnerability all should be well.
Linux has always sold itself quite well, it doesn't need to be promoted as a Windows(tm)-killer. It needs to gain marketshare to the point where hardware vendors write Linux drivers and software vendors release Linux versions concurrently to Windows versions -- after that it's all cake.
Sun controlling Java has both positive and negative aspects. The positive aspect is that Java can't be forked. The negative aspect is that Java can't be forked. If Sun controls wisely, being unforkable is positive. If Sun goes down the wrong path Java dies instead of being forked.
The threat of forking is a powerful motivator to keep projects open to outside ideas, and to merge well written developer patches.
There is one other large difference between control by Sun vs. control by Linus. Linus is not legally bound to make maximum profit for his shareholders as Sun is. He can base his decisions on how much he likes the code.
I have never programmed a line of Java in my life, and its unlikely I ever will. The point is that you might expect StarOffice support for Linux to resemble Java support for Linux. They're both from Sun, and they're both SCSL.
I saw a rather sorry comment on Linux Today yesterday by a Java developer who had quit Windows cold a year ago. Unfortunately, due to JDK 1.3 not being available under Linux, they are again using Windows.
Why does Sun develop for Windows, and not for Linux? Because Sun is interested in Window's marketshare, not the future of open source or Unix. Why isn't there more community support for development of the JDK within Linux? Because Sun requires the SCSL.
The only difference I see re StarOffice is that Java is a core technology for Sun. It's not hard to understand why they don't want to lose control of it or it's specification. On the other hand I don't see how open sourcing StarOffice could do anything but help them. It's not like they're a major desktop player, or Microsoft will steal the code.
I'm not saying that Sun doesn't have every right to do whatever they want with StarOffice. Free beer is certainly better than expensive beer, and for that we should be grateful.
Right now, Linux isn't competition for Solaris on the high end, but that will change in just a few years, maybe less. Buying some goodwill now by open sourcing StarOffice might not be the worst thing Sun could do. More to the point, StarOffice has a better chance of surpassing Microsoft Office, to Sun's benefit, if a large number of developers choose to work on it.
Discrete math is good. As you say lots of practical applications and examples. It would lead into statistics and probability quite well. Some study of abstract algebraic structures would also help: groups, rings, modules etc. Also of course, logic, proof, and foundations.
I wasn't poking fun. Its just that learning to multiply *was* part of the curriculum for her. Lots of math classes *assumed* she had learned them (and didn't allow calculators.) She is totally unprepared to take any math or science in college as a result now. This is keeping her from taking the environmental science classes she is actually interested in. If you haven't learned the prerequisites, you'll be frustrated, not educated.
I would also agree that memorization is in general a poor way of learning, but there are some things that act like a ROM-BIOS for reasoning that probably should be stored early on. She spells perfectly in English, and conjugates irregular verbs just fine, so it wasn't the memorization that was the problem here, but the boring way multiplication was taught.
I think you are right that we are very unlikely to see MS/Linux, for the reason you state: the GPL. However this is no argument against MS/BSD.
I disagree with the notion that MS has no quality programmers. Sure they've got a lot of people who are only average, but you have to remember people like Michael Abrams who helped John Carmack with some of the trickier parts of Quake. Or Dave Cutler, one of the architects of VMS. I could be wrong, but it seems to me MS's problems are in the nature of its corporate culture, not its programmers. Besides, it's always safer to overestimate the "enemy":).
I'm sure that it's valuable to teach kids Python, and many will enjoy it greatly. A good thing for sure.
But I am already awestruck at the horrible lack of foundation many highschool students graduate with. I personally know a college student (senior year) who never learned their multiplication tables. Good thing for calculators! I'm sure the lack of attention to spelling and grammar is also apparent to many slashdot readers.
The way many primary and secondary schools handle math education is another bar to continuing in either math or computer science. Mathematical fields outside arithmetic, basic algebra, and calculus get very little attention prior to upper division college courses.
I would like to see a class or series of classes that taught logical thinking, problem reduction, mathematical modeling, and computing in an integrated fashion. As well as programming as a means to solve problems, part of this could be writing documentation (with a word processor, naturally.)
It's my belief that if you can teach people to think logically, and express themselves clearly, they can pick up any computer language they desire. Even if they don't, those skills will still serve them well in other fields.
Microsoft has been saying for some years that it intends to move everyone to Windows NT eventually, phasing out the Win 9x series. But NT isn't a good gaming platform (still on DirectX 2.0, aren't they?)
I have to wonder if this is part of a move to make NT more of a pure business system (PHBs *like* it when a system won't play games.) Maybe not, but I don't doubt supporting legacy games is one of the more difficult aspects of combining '9x and NT, given the horrible tricks games are inclined to use for speed.
I think Daveo gets moderated down a lot because his posts are different from most posts. This is not a good reason for downward moderation.
It's akin to downward moderation for spelling or grammar -- clearly an English-centric bias.
This is online, we don't know why Daveo posts like he does. Nor is trying to find out in a public forum at all appropriate. Perhaps he's trying to be irritating, but I see no evidence of that, his posts don't have content that you would associate with that. The point is, he may have perfectly good reasons for using third person and even all caps -- we should be more tolerant of form and concentrate on the content. Isn't that what the online culture is partially about?
To the topic, perhaps holding someone's whole moderation history against them is inappropriate in case some cultural or behavioral difference caused a lot of negative moderation. Having to get moderated up in order to recover is hardly fair if the problem is moderator bias. Note in this thread how many of the moderated up posts are saying Daveo should just "be normal" or "start posting better comments." Perhaps ignoring negative moderation karma unless its within the last month or few would be fairer.
"I believe that, even if they are telling the truth, there is nothing that they could say to make you believe them."
This is not a court trial, and this certainly isn't an objective jury. But:
When a witness is caught lying, its not unusual to reject the rest of their testimony on that basis alone. MS has been caught "severely bending the truth" (to be charitable) many, many times.
Did you find their statement that "advanced web programming knowledge" was necessary to read hotmail truthful? How about the statement they "responded quickly?" (The hole was still open at the time of that statement!) Of course their creditability as a witness is shot.
That doesn't mean there aren't third party advocates doing a good job of defending them, for example the BugTraq report, or Bruce Schneier's eloquent comments on sci.crypt, both of which have been quoted in the original story and in this one.
So, no, there isn't anything Microsoft could say that I wouldn't think about and test carefully before believing. I like to think I have some impartiality with respect to other sources. But everyone I read agrees that something is just a little stupid, or strange about this, except Microsoft. The one halfway convincing argument explaining this is the idea that it allows authenticating replacement crypto modules if the first key is compromised. But Microsoft said "destroyed". Why?
Everytime I see one of those certificates asking "Do you trust content from Microsoft Corporation?" I have to laugh. Sorry, I used to defend Microsoft too, but I gave it up years ago.
According to MS's story, they reviewed the software and requested a backup key be added. No one says if they reviewed it again after it was added. I suspect if they had, they would have requested the _NSAkey name be changed, but as someone noted, they're human too.
It's not even certain they had the sources when they reviewed it, though I would hope that is required. Even then the sources only get you the public portion of the keys, not the private portions, which is why it isn't a problem that these keys were found in the binaries a year or so ago. It might be reasonable to assume that MS had a "debug" key in place then for NSA's use in review, as they do now with W2K, so NSA wouldn't need to have the "real" keys to test the software.
All that said, if they don't have a key, they can get it anytime they want it -- they're the NSA and this is a matter of national security, at least in the government's view. They are skilled enough to steal it, or have muscle enough to demand it, as they wish.
My guess is that they are really unhappy about the fact that the second key can be replaced to allow strong crypto to be loaded, and would prefer the _NSAkey had never been.
-paranoia on- Suppose we've got it backwards and changing the second key indeed allows normal boot, but also triggers sending info to the NSA? I'm sure many enquiring minds with disassemblers are looking into these things:) -paranoia off-
"Posting the 10 Commandments might not have made a difference, but believing them sure would have."
So? Believing the golden rule would have worked equally well and it's a lot less controversial.
You can't force belief on people. They will act from emotion, not reason, in most cases anyway. Especially if you are talking about individuals far enough gone to kill others and themselves.
We need to quit trying to control people *after* they are insane and start working on making sure they don't end up that way in the first place.
I'm strongly in favor of anonymous posting, and browse at -1 typically, though recent events are causing me to rethink that.
Yet, I am really happy to see CmdrTaco trying to do something, even if it proves futile. I've seen too many online communities suffer and wither from the irresponsible behavior of a very small minority of posters. I beg those leaving to consider that they are only giving the assholes exactly what they want, and worsening the problem by reducing the number of worthwhile posts.
I have to believe that if there is a technological solution that sufficient quality minds exist at slashdot to find it. CmdrTaco has made a good start.
The major problem I see is that its too easy to start a new account with a clean record. Could the number of new accounts created from a single IP be time limited - say no more than one per week?
I am not sure how dynamic IPs (for the majority of us on dialups) work into this scheme. Could someone explain?
Yes, exactly, if organizations want to publish their opinion on the suitability of content for minors I don't have a big problem with that.
But to enforce such opinions as law leads to buckets of worms. Especially on the internet.
How do we verify age? If I start seeing credit card AVS's going up at news and gaming sites I'm going to be just a little mad. I don't have a credit card -- never have, never will. What's more -- it won't work -- it will just encourage kids to steal credit card numbers or borrow their parents. If you think that credit cards won't be the method used, how do you explain CDA II? This also means that usage of "suspect" sites will be logged by the credit card companies, something I'd prefer not to see.
It is *ridiculous* to promote enforcing age restrictions on the internet until a practical method of age verification is worked out.
Microsoft states that export controls are not affected. Yet I have heard several say that the NSAkey could be replaced by your own, thereby easily allowing strong crypto modules to be loaded by foreign customers of Windows. Who is wrong here?
Presuming the above to be true, and that it will be fixed in the next release, could this provide another disincentive for upgrade?
Don't you think the NSA might be a little pissed at MS for being dragged into this by a stupid mistake on their part? Not to mention the possible problem with strong encryption control.
Isn't it true that having two valid keys reduces the security of the keys against random guessing by a factor of two? Even if this is not terribly significant shouldn't it be something MS discloses to its customers?
Yup, it would be nice, but I don't expect to get a ride to orbit soon.
But why not a webcam in space? Ideally, turn over one of those older and obsolete spy satellites for public use, and work out some equitable and efficient means of selecting view targets thru a web page.
They really missed the boat by regarding the internet as a source of content rather than the medium it became.
But there were real communities on Compuserve, people coming together to discuss and help each other on topics of mutual interest. The doom community in the Action Games Forum during 1994 is a fairly good example I think. They were friendly and informed (outside the occasional flame war over which editor is best.) Forums like that one achieved a civility that I've rarely seen matched on the internet. Maybe because those paying for their time are less inclined to waste it on mindless flames or disruptive posts?
There is a lot of truth in what you say. Those who say comments and documentation aren't important have obviously never had the experience of returning to a large program a few years after writing it. Taking over code written by someone else is harder. It is *possible* to maintain binary code with a disassembler, true, and it is *possible* to maintain source without documentation or comments. But no one should have to.
The problem as I see it is the disconnect between the documentation and code. Both are descriptions of what the software does, one is readable by humans, the other by the target platform. Problems in both documentation and code arise when the two descriptions aren't equivalent.
One early attempt to remedy this was COBOL. This was to be a computer language that read like a natural language but could be compiled to a machine language. Little documentation should be necessary given a well-structured program source. Needless to say, COBOL didn't really succeed, the mapping between language and operation was too clumsy to be very effective or useful.
Knuth's made some good attempts in the direction of unifying human and machine code specificiations in his CWEB tool.
One day, who knows how long from now, programming may consist of having a conversation with a computer, and explaining a problem to it in natural language, while the details of implementation and correctness are mostly left to the computer. Nice documentation may be output, right along with the executable binary.
If you think that is far-fetched, you may be right. But just this morning I read a report that someone has written software capable of reading a Time magazine and answering questions about it. Very impressive, if true.
Good article, and this could be as significant as he seems to think. But like others he seems sure that the Sun Community Source License qualifies for open source. Sun themselves, on their licensing page say that it is not. The license has definite drawbacks that will drastically reduce the number of developers attracted, unless I haven't been paying attention.
Can't we somehow convince Sun that for this particular project even something like Mozilla's NPL would be more productive? The same licensing page referenced above shows that Sun doesn't seem to like the bazaar model much, so perhaps not.
"Apart from stating that crypto is a solution, everything else is crap."
I was wondering about that. Surely to be practical encryption would have to be completely transparent for HotMail use. If a CGI hole lets you into someone's account *as them*, the automatic decryption would continue to work just fine -- wouldn't it?
"Okay, here's a question. Before I click that "Check for new mail" widget, where is my mail? OH MY GOSH! It's out there on that scary Internet! ARRRGH!"
Well you just said it -- *new mail*. Sure your e-mail passes thru the internet, but it spends very little of its time there. Most of my e-mail has been safely in its folders on my system for months, and only on the internet for hours.
The other issue is concentration of resources. Sure its cheaper and easier to keep 40 million people's e-mail (the entire history for many, not just their recent e-mail) on one set of large servers. But that same concentration means one single flaw in security can expose that entire quantity of e-mail (as was just demonstrated.) When e-mail is stored locally on end-user's machines the risk is distributed, and each person can be more responsible for their own safety.
"Also, our friend the authordroid seems to be mistaking storing applications on a remote sever with storing data on a remote server. Is there really any problem with accessing an application via network that updates itself automagically and lets you save your data either on the server or locally?"
You know, I think thats an excellent idea for web apps like StarOffice and HotMail, keep the files locally, the applications centrally. But I get the impression it wasn't an option for HotMail. It won't be an option for those on WebTV either (like we care -- I know.)
I have nothing against Sun's plan to market web applications, they have a lot to recommend them in ease, price, and convenience. We have to be realistic about the flaws too though, or we're going to see too many more incidents like the recent HotMail crack.
Slashdot Mirror
It would be good, but it's likely to be difficult if you can follow links to the context of the comment. I think context is more important.
I'm of two minds with respect to the competitive focus on MS. I want to say you're right, this is stupid, concentrate on making Linux better.
But MS will target RedHat whether RedHat returns the favor or not. I imagine MS has been quite frustrated for some months in not having a target they really understand with Linux. Where's the company you can attack? Who do you sue? Now, there is a real commercial entity that MS can attack in all it's usual ways. I expect them to try that out, especially after that little matter with the DOJ is retired.
By making their competitive stance clear, RedHat has keyed in the media to look for FUD and strongarm tactics, should MS attempt them. To some degree it's formalizing what has been partially responsible for making it's stock strong -- the tangible anti-MS sentiment everywhere.
On the other hand, it's also invited comparison in ways it may not be ready for. Some humility at this point may be wise, it makes defeats less painful, and victories more surprising (newsworthy.) As long as RedHat doesn't get too convinced of it's own invulnerability all should be well.
Linux has always sold itself quite well, it doesn't need to be promoted as a Windows(tm)-killer. It needs to gain marketshare to the point where hardware vendors write Linux drivers and software vendors release Linux versions concurrently to Windows versions -- after that it's all cake.
Sun controlling Java has both positive and negative aspects. The positive aspect is that Java can't be forked. The negative aspect is that Java can't be forked. If Sun controls wisely, being unforkable is positive. If Sun goes down the wrong path Java dies instead of being forked.
The threat of forking is a powerful motivator to keep projects open to outside ideas, and to merge well written developer patches.
There is one other large difference between control by Sun vs. control by Linus. Linus is not legally bound to make maximum profit for his shareholders as Sun is. He can base his decisions on how much he likes the code.
I have never programmed a line of Java in my life, and its unlikely I ever will. The point is that you might expect StarOffice support for Linux to resemble Java support for Linux. They're both from Sun, and they're both SCSL.
How is it silly if Sun is the one making the changes to the format?
"If Sun gives out StarOffice v.5.00 for free, and then starts charging for v.6.00, then people would just stay with v5."
.DOC files, as it usually is every coupla years.
Unless, of course an upgrade is required to read the latest and greatest version of Microsoft
I saw a rather sorry comment on Linux Today yesterday by a Java developer who had quit Windows cold a year ago. Unfortunately, due to JDK 1.3 not being available under Linux, they are again using Windows.
Why does Sun develop for Windows, and not for Linux? Because Sun is interested in Window's marketshare, not the future of open source or Unix. Why isn't there more community support for development of the JDK within Linux? Because Sun requires the SCSL.
The only difference I see re StarOffice is that Java is a core technology for Sun. It's not hard to understand why they don't want to lose control of it or it's specification. On the other hand I don't see how open sourcing StarOffice could do anything but help them. It's not like they're a major desktop player, or Microsoft will steal the code.
I'm not saying that Sun doesn't have every right to do whatever they want with StarOffice. Free beer is certainly better than expensive beer, and for that we should be grateful.
Right now, Linux isn't competition for Solaris on the high end, but that will change in just a few years, maybe less. Buying some goodwill now by open sourcing StarOffice might not be the worst thing Sun could do. More to the point, StarOffice has a better chance of surpassing Microsoft Office, to Sun's benefit, if a large number of developers choose to work on it.
Discrete math is good. As you say lots of practical applications and examples. It would lead into statistics and probability quite well. Some study of abstract algebraic structures would also help: groups, rings, modules etc. Also of course, logic, proof, and foundations.
I wasn't poking fun. Its just that learning to multiply *was* part of the curriculum for her. Lots of math classes *assumed* she had learned them (and didn't allow calculators.) She is totally unprepared to take any math or science in college as a result now. This is keeping her from taking the environmental science classes she is actually interested in. If you haven't learned the prerequisites, you'll be frustrated, not educated.
I would also agree that memorization is in general a poor way of learning, but there are some things that act like a ROM-BIOS for reasoning that probably should be stored early on. She spells perfectly in English, and conjugates irregular verbs just fine, so it wasn't the memorization that was the problem here, but the boring way multiplication was taught.
I think you are right that we are very unlikely to see MS/Linux, for the reason you state: the GPL. However this is no argument against MS/BSD.
:).
I disagree with the notion that MS has no quality programmers. Sure they've got a lot of people who are only average, but you have to remember people like Michael Abrams who helped John Carmack with some of the trickier parts of Quake. Or Dave Cutler, one of the architects of VMS. I could be wrong, but it seems to me MS's problems are in the nature of its corporate culture, not its programmers. Besides, it's always safer to overestimate the "enemy"
I'm sure that it's valuable to teach kids Python, and many will enjoy it greatly. A good thing for sure.
But I am already awestruck at the horrible lack of foundation many highschool students graduate with. I personally know a college student (senior year) who never learned their multiplication tables. Good thing for calculators! I'm sure the lack of attention to spelling and grammar is also apparent to many slashdot readers.
The way many primary and secondary schools handle math education is another bar to continuing in either math or computer science. Mathematical fields outside arithmetic, basic algebra, and calculus get very little attention prior to upper division college courses.
I would like to see a class or series of classes that taught logical thinking, problem reduction, mathematical modeling, and computing in an integrated fashion. As well as programming as a means to solve problems, part of this could be writing documentation (with a word processor, naturally.)
It's my belief that if you can teach people to think logically, and express themselves clearly, they can pick up any computer language they desire. Even if they don't, those skills will still serve them well in other fields.
Microsoft has been saying for some years that it intends to move everyone to Windows NT eventually, phasing out the Win 9x series. But NT isn't a good gaming platform (still on DirectX 2.0, aren't they?)
I have to wonder if this is part of a move to make NT more of a pure business system (PHBs *like* it when a system won't play games.) Maybe not, but I don't doubt supporting legacy games is one of the more difficult aspects of combining '9x and NT, given the horrible tricks games are inclined to use for speed.
I think Daveo gets moderated down a lot because his posts are different from most posts. This is not a good reason for downward moderation.
It's akin to downward moderation for spelling or grammar -- clearly an English-centric bias.
This is online, we don't know why Daveo posts like he does. Nor is trying to find out in a public forum at all appropriate. Perhaps he's trying to be irritating, but I see no evidence of that, his posts don't have content that you would associate with that. The point is, he may have perfectly good reasons for using third person and even all caps -- we should be more tolerant of form and concentrate on the content. Isn't that what the online culture is partially about?
To the topic, perhaps holding someone's whole moderation history against them is inappropriate in case some cultural or behavioral difference caused a lot of negative moderation. Having to get moderated up in order to recover is hardly fair if the problem is moderator bias. Note in this thread how many of the moderated up posts are saying Daveo should just "be normal" or "start posting better comments." Perhaps ignoring negative moderation karma unless its within the last month or few would be fairer.
"I believe that, even if they are telling the truth, there is nothing that they could say to make you believe them."
This is not a court trial, and this certainly isn't an objective jury. But:
When a witness is caught lying, its not unusual to reject the rest of their testimony on that basis alone. MS has been caught "severely bending the truth" (to be charitable) many, many times.
Did you find their statement that "advanced web programming knowledge" was necessary to read hotmail truthful? How about the statement they "responded quickly?" (The hole was still open at the time of that statement!) Of course their creditability as a witness is shot.
That doesn't mean there aren't third party advocates doing a good job of defending them, for example the BugTraq report, or Bruce Schneier's eloquent comments on sci.crypt, both of which have been quoted in the original story and in this one.
So, no, there isn't anything Microsoft could say that I wouldn't think about and test carefully before believing. I like to think I have some impartiality with respect to other sources. But everyone I read agrees that something is just a little stupid, or strange about this, except Microsoft. The one halfway convincing argument explaining this is the idea that it allows authenticating replacement crypto modules if the first key is compromised. But Microsoft said "destroyed". Why?
Everytime I see one of those certificates asking "Do you trust content from Microsoft Corporation?" I have to laugh. Sorry, I used to defend Microsoft too, but I gave it up years ago.
According to MS's story, they reviewed the software and requested a backup key be added. No one says if they reviewed it again after it was added. I suspect if they had, they would have requested the _NSAkey name be changed, but as someone noted, they're human too.
:)
It's not even certain they had the sources when they reviewed it, though I would hope that is required. Even then the sources only get you the public portion of the keys, not the private portions, which is why it isn't a problem that these keys were found in the binaries a year or so ago. It might be reasonable to assume that MS had a "debug" key in place then for NSA's use in review, as they do now with W2K, so NSA wouldn't need to have the "real" keys to test the software.
All that said, if they don't have a key, they can get it anytime they want it -- they're the NSA and this is a matter of national security, at least in the government's view. They are skilled enough to steal it, or have muscle enough to demand it, as they wish.
My guess is that they are really unhappy about the fact that the second key can be replaced to allow strong crypto to be loaded, and would prefer the _NSAkey had never been.
-paranoia on-
Suppose we've got it backwards and changing the second key indeed allows normal boot, but also triggers sending info to the NSA? I'm sure many enquiring minds with disassemblers are looking into these things
-paranoia off-
"Posting the 10 Commandments might not have made a difference, but believing them sure would have."
So? Believing the golden rule would have worked equally well and it's a lot less controversial.
You can't force belief on people. They will act from emotion, not reason, in most cases anyway. Especially if you are talking about individuals far enough gone to kill others and themselves.
We need to quit trying to control people *after* they are insane and start working on making sure they don't end up that way in the first place.
I'm strongly in favor of anonymous posting, and browse at -1 typically, though recent events are causing me to rethink that.
Yet, I am really happy to see CmdrTaco trying to do something, even if it proves futile. I've seen too many online communities suffer and wither from the irresponsible behavior of a very small minority of posters. I beg those leaving to consider that they are only giving the assholes exactly what they want, and worsening the problem by reducing the number of worthwhile posts.
I have to believe that if there is a technological solution that sufficient quality minds exist at slashdot to find it. CmdrTaco has made a good start.
The major problem I see is that its too easy to start a new account with a clean record. Could the number of new accounts created from a single IP be time limited - say no more than one per week?
I am not sure how dynamic IPs (for the majority of us on dialups) work into this scheme. Could someone explain?
Yes, exactly, if organizations want to publish their opinion on the suitability of content for minors I don't have a big problem with that.
But to enforce such opinions as law leads to buckets of worms. Especially on the internet.
How do we verify age? If I start seeing credit card AVS's going up at news and gaming sites I'm going to be just a little mad. I don't have a credit card -- never have, never will. What's more -- it won't work -- it will just encourage kids to steal credit card numbers or borrow their parents. If you think that credit cards won't be the method used, how do you explain CDA II? This also means that usage of "suspect" sites will be logged by the credit card companies, something I'd prefer not to see.
It is *ridiculous* to promote enforcing age restrictions on the internet until a practical method of age verification is worked out.
Microsoft states that export controls are not affected. Yet I have heard several say that the NSAkey could be replaced by your own, thereby easily allowing strong crypto modules to be loaded by foreign customers of Windows. Who is wrong here?
Presuming the above to be true, and that it will be fixed in the next release, could this provide another disincentive for upgrade?
Don't you think the NSA might be a little pissed at MS for being dragged into this by a stupid mistake on their part? Not to mention the possible problem with strong encryption control.
Isn't it true that having two valid keys reduces the security of the keys against random guessing by a factor of two? Even if this is not terribly significant shouldn't it be something MS discloses to its customers?
Jim
Yup, it would be nice, but I don't expect to get a ride to orbit soon.
But why not a webcam in space? Ideally, turn over one of those older and obsolete spy satellites for public use, and work out some equitable and efficient means of selecting view targets thru a web page.
Jim
Yeah, Compuserve software was really, really bad.
It cost me a ton of money too.
They really missed the boat by regarding the internet as a source of content rather than the medium it became.
But there were real communities on Compuserve, people coming together to discuss and help each other on topics of mutual interest. The doom community in the Action Games Forum during 1994 is a fairly good example I think. They were friendly and informed (outside the occasional flame war over which editor is best.) Forums like that one achieved a civility that I've rarely seen matched on the internet. Maybe because those paying for their time are less inclined to waste it on mindless flames or disruptive posts?
How was Prodigy at forming communities?
Jim
The problem as I see it is the disconnect between the documentation and code. Both are descriptions of what the software does, one is readable by humans, the other by the target platform. Problems in both documentation and code arise when the two descriptions aren't equivalent.
One early attempt to remedy this was COBOL. This was to be a computer language that read like a natural language but could be compiled to a machine language. Little documentation should be necessary given a well-structured program source. Needless to say, COBOL didn't really succeed, the mapping between language and operation was too clumsy to be very effective or useful.
Knuth's made some good attempts in the direction of unifying human and machine code specificiations in his CWEB tool.
One day, who knows how long from now, programming may consist of having a conversation with a computer, and explaining a problem to it in natural language, while the details of implementation and correctness are mostly left to the computer. Nice documentation may be output, right along with the executable binary.
If you think that is far-fetched, you may be right. But just this morning I read a report that someone has written software capable of reading a Time magazine and answering questions about it. Very impressive, if true.
Jim
There is another, little bit longer story at Wired.
Can't we somehow convince Sun that for this particular project even something like Mozilla's NPL would be more productive? The same licensing page referenced above shows that Sun doesn't seem to like the bazaar model much, so perhaps not.
Jim"Apart from stating that crypto is a solution, everything else is crap."
I was wondering about that. Surely to be practical encryption would have to be completely transparent for HotMail use. If a CGI hole lets you into someone's account *as them*, the automatic decryption would continue to work just fine -- wouldn't it?
Jim
"Okay, here's a question. Before I click that "Check for new mail" widget, where is my mail? OH MY GOSH! It's out there on that scary Internet! ARRRGH!"
Well you just said it -- *new mail*. Sure your e-mail passes thru the internet, but it spends very little of its time there. Most of my e-mail has been safely in its folders on my system for months, and only on the internet for hours.
The other issue is concentration of resources. Sure its cheaper and easier to keep 40 million people's e-mail (the entire history for many, not just their recent e-mail) on one set of large servers. But that same concentration means one single flaw in security can expose that entire quantity of e-mail (as was just demonstrated.) When e-mail is stored locally on end-user's machines the risk is distributed, and each person can be more responsible for their own safety.
"Also, our friend the authordroid seems to be mistaking storing applications on a remote sever with storing data on a remote server. Is there really any problem with accessing an application via network that updates itself automagically and lets you save your data either on the server or locally?"
You know, I think thats an excellent idea for web apps like StarOffice and HotMail, keep the files locally, the applications centrally. But I get the impression it wasn't an option for HotMail. It won't be an option for those on WebTV either (like we care -- I know.)
I have nothing against Sun's plan to market web applications, they have a lot to recommend them in ease, price, and convenience. We have to be realistic about the flaws too though, or we're going to see too many more incidents like the recent HotMail crack.
Jim